Date: Fri, 20 Nov 2015 12:10:57 -0500
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: seccomp filters without PR_SET_NO_NEW_PRIVS

On 20/11/15 12:00 PM, Florian Weimer wrote:
> Is there a way on current Linux kernels to install a seccomp filter
> which is reset on execve and therefore does not require
> PR_SET_NO_NEW_PRIVS for security reasons?  (The filter could restrict to
> execve if necessary.)

No, there's only the ability to do it with CAP_SYS_ADMIN without
PR_SET_NO_NEW_PRIVS.

